The worlds largest democracy has offered the public a chance to hack its unverifiable voting machines. The details are skimpy, history does not provide confidence, and while it may be a step in the right direction it is ultimately insufficient. See the article by George Washington University Professor Poorvi Vora: Hacking EVMs: The EC has issued a challenge. It must first accept the challenge it faces <read>

Let’s not forget that such a so-called challenge was also given in 2009. The examination of EVMs should be treated as an opportunity to make the process more transparent and open. In 2009, however, when the Election Commission allowed the public to examine EVMs, the examination was hugely circumscribed so as to prevent anyone from carrying out any substantive – albeit practical – attack.

If this offer of EVM examination is simply a cosmetic offer as in 2009, and not intended to allow for a complete analysis, the trust deficit between the Indian public and Indian elections will continue to grow.

The Election Commission should demonstrate that their claims of EVM security do not rest on the very fragile assumption that all insiders with access to the EVM can be trusted. To understand what an insider with access can achieve if they try to tamper with the systems, they should provide the experts with design documents and details of the tests used to verify the design and security properties. The Election Commission’s approach so far, of keeping design details secret, is termed “security through obscurity” by computer security experts, and was debunked as far back as the late 1800s by Dutch cryptographer Auguste Kerckhoffs…

In addition to the transparency provided by public testing of EVMs before elections, there is a role for transparency after the election as well. Even if one were to believe that EVMs are tamper proof, every election outcome must be checked to ensure that the unexpected did not happen, that “mock drill data” (votes due to key presses during testing) was erased as it is supposed to be, and did not contribute to the count, that errors did not affect the outcome, that the EVMs were correctly calibrated, that somebody did not try to change the outcome and succeed, and so on.

If the VVPAT record is verified by the voter to be a faithful reproduction of the vote, is stored securely separate from the EVMs, and is publicly audited after the election, it provides strong independent confirmation that the outcome is correct.

It is not sufficient to simply print VVPAT records, nor is it sufficient for voters to carefully check them. A correctly printed VVPAT record indicates merely that the machine correctly understood the vote. It does not indicate that the vote was correctly recorded or counted. A public audit needs to be performed to determine that the VVPAT records are consistent with the declared election outcome.